The news GDPR rules of European Community are becoming valid and binding. Lots of communities are using communities.cyclos.org for handling of their members address data and transaction processing. So probably, STRO, who operates communities.cyclos.org is our 'data processor' in terms of GDPR ruling - right?

We probably need some declaration of GDPR compliance, right?
Is something like this available?

The GDPR is a shared effort. We have implemented secured measures concerning the database and have one administrator account that has access to the communities. Our organisation does not access or share or use any of the data of the communities. The person or organisation that created the community and the persons that operator the community will be also responsible for the data and will also need to comply to the regulation.